Common Weakness Enumeration

CWE-252

Allowed

Unchecked Return Value

Abstraction: Base · Status: Draft

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

227 vulnerabilities reference this CWE, most recent first.

GHSA-8PCJ-QPRC-8GF2

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2023-02-28 15:30
VLAI
Details

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-05T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "FFmpeg through 4.2 has a \"Conditional jump or move depends on uninitialised value\" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.",
  "id": "GHSA-8pcj-qprc-8gf2",
  "modified": "2023-02-28T15:30:25Z",
  "published": "2022-05-24T16:55:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15942"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-58"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/8093"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8W9M-P955-6H6H

Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:51
VLAI
Details

Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-11T03:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.",
  "id": "GHSA-8w9m-p955-6h6h",
  "modified": "2024-04-04T06:51:30Z",
  "published": "2023-08-11T03:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29243"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-97G5-WWGM-HP9G

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-04T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.",
  "id": "GHSA-97g5-wwgm-hp9g",
  "modified": "2022-05-24T19:09:53Z",
  "published": "2022-05-24T19:09:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/PAXP193MB12624C21AE412BE95BA4D4A4B6F09@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4990"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4998"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-99V4-PPRM-GHH2

Vulnerability from github – Published: 2023-01-05 21:30 – Updated: 2023-01-12 03:30
VLAI
Details

A vulnerability, which was classified as problematic, has been found in vicamo NetworkManager. Affected by this issue is the function send_arps of the file src/devices/nm-device.c. The manipulation leads to unchecked return value. The name of the patch is 4da19b89815cbf6e063e39bc33c04fe4b3f789df. It is recommended to apply a patch to fix this issue. VDB-217514 is the identifier assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-125043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-05T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in vicamo NetworkManager. Affected by this issue is the function send_arps of the file src/devices/nm-device.c. The manipulation leads to unchecked return value. The name of the patch is 4da19b89815cbf6e063e39bc33c04fe4b3f789df. It is recommended to apply a patch to fix this issue. VDB-217514 is the identifier assigned to this vulnerability.",
  "id": "GHSA-99v4-pprm-ghh2",
  "modified": "2023-01-12T03:30:15Z",
  "published": "2023-01-05T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125043"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vicamo/NetworkManager/commit/4da19b89815cbf6e063e39bc33c04fe4b3f789df"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.217514"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.217514"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9CHR-M38J-W26G

Vulnerability from github – Published: 2024-08-30 00:31 – Updated: 2026-01-28 00:31
VLAI
Details

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1256",
      "CWE-252",
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-29T23:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker\u00a0co-resides in the same system with a victim process to\u00a0disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.",
  "id": "GHSA-9chr-m38j-w26g",
  "modified": "2026-01-28T00:31:37Z",
  "published": "2024-08-30T00:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1545"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/7167"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9FR2-R98V-QC2F

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:32
VLAI
Details

B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-08T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "B\u0026R APROL versions \u003c R 4.2-07 doesn\u2019t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.",
  "id": "GHSA-9fr2-r98v-qc2f",
  "modified": "2024-04-04T05:32:36Z",
  "published": "2023-07-06T19:24:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43765"
    },
    {
      "type": "WEB",
      "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9QP4-RW2Q-RX7R

Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()

set_memory_ro() can fail, leaving memory unprotected.

Check its return and take it into account as an error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T16:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()\n\nset_memory_ro() can fail, leaving memory unprotected.\n\nCheck its return and take it into account as an error.",
  "id": "GHSA-9qp4-rw2q-rx7r",
  "modified": "2025-11-04T00:31:05Z",
  "published": "2024-07-29T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42068"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3540e5a7054d6daaf9a1415a48aacb092112a89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fdd411af8178edc6b7bf260f8fa4fba1bedd0a6d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9RVW-GG78-WFM7

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2026-06-09 12:31
VLAI
Details

An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T16:15:40Z",
    "severity": "LOW"
  },
  "details": "An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a  Null Pointer Dereference, crashing the http daemon via a specialy crafted request.",
  "id": "GHSA-9rvw-gg78-wfm7",
  "modified": "2026-06-09T12:31:59Z",
  "published": "2025-10-14T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58903"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-653"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9X54-G48C-7W9W

Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-01 00:00
VLAI
Details

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-29T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).",
  "id": "GHSA-9x54-g48c-7w9w",
  "modified": "2022-10-01T00:00:17Z",
  "published": "2022-09-30T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40279"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Samsung/TizenRT/issues/5629"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181"
    },
    {
      "type": "WEB",
      "url": "https://linux.die.net/man/3/pcap_dispatch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C3CJ-4XXG-MG34

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00
VLAI
Details

An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.",
  "id": "GHSA-c3cj-4xxg-mg34",
  "modified": "2022-09-27T00:00:18Z",
  "published": "2022-09-25T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38936"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudwu/pbc/issues/158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-53
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Implementation

Ensure that you account for all possible return values from the function.

Mitigation
Implementation

When designing a function, make sure you return a value or throw an exception in case of an error.

No CAPEC attack patterns related to this CWE.